From 9606a712b05ca12daf852a6a5345d30a4363ea09 Mon Sep 17 00:00:00 2001 From: Ilia Alshanetsky Date: Sun, 22 Feb 2009 17:55:01 +0000 Subject: [PATCH] MFB: Fixed 2 memory corruptions in zip extension idenfied by oo_properties.phpt test --- ext/zip/php_zip.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/ext/zip/php_zip.c b/ext/zip/php_zip.c index e1aa3a0bf0..30413f3196 100644 --- a/ext/zip/php_zip.c +++ b/ext/zip/php_zip.c @@ -791,7 +791,7 @@ static int php_zip_property_reader(ze_zip_object *obj, zip_prop_handler *hnd, zv switch (hnd->type) { case IS_STRING: if (retchar) { - ZVAL_STRING(*retval, (char *) retchar, 1); + ZVAL_STRINGL(*retval, (char *) retchar, len, 1); } else { ZVAL_EMPTY_STRING(*retval); } @@ -914,10 +914,11 @@ static int php_zip_has_property(zval *object, zval *member, int type TSRMLS_DC) if (ret == SUCCESS) { zval *tmp; + ALLOC_INIT_ZVAL(tmp); if (type == 2) { retval = 1; - } else if (php_zip_property_reader(obj, hnd, &tmp, 1 TSRMLS_CC) == SUCCESS) { + } else if (php_zip_property_reader(obj, hnd, &tmp, 0 TSRMLS_CC) == SUCCESS) { Z_SET_REFCOUNT_P(tmp, 1); Z_UNSET_ISREF_P(tmp); if (type == 1) { @@ -925,8 +926,9 @@ static int php_zip_has_property(zval *object, zval *member, int type TSRMLS_DC) } else if (type == 0) { retval = (Z_TYPE_P(tmp) != IS_NULL); } - zval_ptr_dtor(&tmp); } + + zval_ptr_dtor(&tmp); } else { std_hnd = zend_get_std_object_handlers(); retval = std_hnd->has_property(object, member, type TSRMLS_CC); -- 2.50.1